Sample viewer

vx.netlux.org/Virus.DOS.LAVI.1536

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:27:11.01907015Z	42	PC: 12ae9 \| Get date 0x12ae9: cmp dh, 0xa 0x12aec: jne 0x12afa 0x12aee: mov ah, ah 0x12af0: cmp dl, 5 0x12af3: jne 0x12afa 0x12af5: mov dx, dx 0x12af7: call 0x12cb8 0x12afa: mov ch, ch 0x12afc: add ah, 0 0x12aff: push cs 0x12b00: pop es 0x12b01: mov dh, dh 0x12b03: mov si, 0x13a 0x12b06: mov ch, ch 0x12b08: cmp word ptr [bp + si + 1], 0x414c 0x12b0d: jne 0x12b1d 0x12b0f: mov ah, 0xb9 0x12b11: mov dx, dx 0x12b13: add ah, 0 0x12b16: int 0x21
2018-12-17T22:27:11.022152233Z	185	PC: 12b18 \| UNKNOWN!
2018-12-17T22:27:11.023468054Z	74	PC: 12b78 \| Reallocate memory
2018-12-17T22:27:11.024751902Z	53	PC: 12b7d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:27:11.026425859Z	37	PC: 12b9d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:27:11.027471642Z	75	PC: 12c32 \| Execute program
2018-12-17T22:27:11.042066255Z	42	PC: 13349 \| Get date 0x13349: cmp dh, 0xa 0x1334c: jne 0x1335a 0x1334e: mov ah, ah 0x13350: cmp dl, 5 0x13353: jne 0x1335a 0x13355: mov dx, dx 0x13357: call 0x13518 0x1335a: mov ch, ch 0x1335c: add ah, 0 0x1335f: push cs 0x13360: pop es 0x13361: mov dh, dh 0x13363: mov si, 0x13a 0x13366: mov ch, ch 0x13368: cmp word ptr [bp + si + 1], 0x414c 0x1336d: jne 0x1337d 0x1336f: mov ah, 0xb9 0x13371: mov dx, dx 0x13373: add ah, 0 0x13376: int 0x21
2018-12-17T22:27:11.044742583Z	76	PC: 132a4 \| Terminate with return code (Return code = '1')
2018-12-17T22:27:11.04829412Z	73	PC: 12c44 \| Release memory
2018-12-17T22:27:11.049700847Z	49	PC: 12c53 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4825,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:56.706966379Z	42	PC: 12ae9 \| Get date 0x12ae9: cmp dh, 0xa 0x12aec: jne 0x12afa 0x12aee: mov ah, ah 0x12af0: cmp dl, 5 0x12af3: jne 0x12afa 0x12af5: mov dx, dx 0x12af7: call 0x12cb8 0x12afa: mov ch, ch 0x12afc: add ah, 0 0x12aff: push cs 0x12b00: pop es 0x12b01: mov dh, dh 0x12b03: mov si, 0x13a 0x12b06: mov ch, ch 0x12b08: cmp word ptr [bp + si + 1], 0x414c 0x12b0d: jne 0x12b1d 0x12b0f: mov ah, 0xb9 0x12b11: mov dx, dx 0x12b13: add ah, 0 0x12b16: int 0x21
2018-12-25T11:52:56.709505826Z	185	PC: 12b18 \| UNKNOWN!
2018-12-25T11:52:56.710841599Z	74	PC: 12b78 \| Reallocate memory
2018-12-25T11:52:56.712032467Z	53	PC: 12b7d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:56.713657683Z	37	PC: 12b9d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:56.714950151Z	75	PC: 12c32 \| Execute program
2018-12-25T11:52:56.729023514Z	42	PC: 13349 \| Get date 0x13349: cmp dh, 0xa 0x1334c: jne 0x1335a 0x1334e: mov ah, ah 0x13350: cmp dl, 5 0x13353: jne 0x1335a 0x13355: mov dx, dx 0x13357: call 0x13518 0x1335a: mov ch, ch 0x1335c: add ah, 0 0x1335f: push cs 0x13360: pop es 0x13361: mov dh, dh 0x13363: mov si, 0x13a 0x13366: mov ch, ch 0x13368: cmp word ptr [bp + si + 1], 0x414c 0x1336d: jne 0x1337d 0x1336f: mov ah, 0xb9 0x13371: mov dx, dx 0x13373: add ah, 0 0x13376: int 0x21
2018-12-25T11:52:56.731644197Z	76	PC: 132a4 \| Terminate with return code (Return code = '2')
2018-12-25T11:52:56.73444824Z	73	PC: 12c44 \| Release memory
2018-12-25T11:52:56.73557602Z	49	PC: 12c53 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4825,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:56.711429716Z	42	PC: 12ae9 \| Get date 0x12ae9: cmp dh, 0xa 0x12aec: jne 0x12afa 0x12aee: mov ah, ah 0x12af0: cmp dl, 5 0x12af3: jne 0x12afa 0x12af5: mov dx, dx 0x12af7: call 0x12cb8 0x12afa: mov ch, ch 0x12afc: add ah, 0 0x12aff: push cs 0x12b00: pop es 0x12b01: mov dh, dh 0x12b03: mov si, 0x13a 0x12b06: mov ch, ch 0x12b08: cmp word ptr [bp + si + 1], 0x414c 0x12b0d: jne 0x12b1d 0x12b0f: mov ah, 0xb9 0x12b11: mov dx, dx 0x12b13: add ah, 0 0x12b16: int 0x21
2018-12-25T11:52:56.715164261Z	185	PC: 12b18 \| UNKNOWN!
2018-12-25T11:52:56.717232921Z	74	PC: 12b78 \| Reallocate memory
2018-12-25T11:52:56.71922632Z	53	PC: 12b7d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:56.721055917Z	37	PC: 12b9d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:56.723877573Z	75	PC: 12c32 \| Execute program
2018-12-25T11:52:56.741209468Z	42	PC: 13349 \| Get date 0x13349: cmp dh, 0xa 0x1334c: jne 0x1335a 0x1334e: mov ah, ah 0x13350: cmp dl, 5 0x13353: jne 0x1335a 0x13355: mov dx, dx 0x13357: call 0x13518 0x1335a: mov ch, ch 0x1335c: add ah, 0 0x1335f: push cs 0x13360: pop es 0x13361: mov dh, dh 0x13363: mov si, 0x13a 0x13366: mov ch, ch 0x13368: cmp word ptr [bp + si + 1], 0x414c 0x1336d: jne 0x1337d 0x1336f: mov ah, 0xb9 0x13371: mov dx, dx 0x13373: add ah, 0 0x13376: int 0x21
2018-12-25T11:52:56.744207562Z	76	PC: 132a4 \| Terminate with return code (Return code = '3')
2018-12-25T11:52:56.748250633Z	73	PC: 12c44 \| Release memory
2018-12-25T11:52:56.750167838Z	49	PC: 12c53 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":5,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4825,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:56.79560773Z	42	PC: 12ae9 \| Get date 0x12ae9: cmp dh, 0xa 0x12aec: jne 0x12afa 0x12aee: mov ah, ah 0x12af0: cmp dl, 5 0x12af3: jne 0x12afa 0x12af5: mov dx, dx 0x12af7: call 0x12cb8 0x12afa: mov ch, ch 0x12afc: add ah, 0 0x12aff: push cs 0x12b00: pop es 0x12b01: mov dh, dh 0x12b03: mov si, 0x13a 0x12b06: mov ch, ch 0x12b08: cmp word ptr [bp + si + 1], 0x414c 0x12b0d: jne 0x12b1d 0x12b0f: mov ah, 0xb9 0x12b11: mov dx, dx 0x12b13: add ah, 0 0x12b16: int 0x21
2018-12-25T11:52:56.798874003Z	65	PC: 12cc1 \| Delete file (Filename = 'c:\RA\RA.')
2018-12-25T11:52:56.803858901Z	185	PC: 12b18 \| UNKNOWN!
2018-12-25T11:52:56.805488301Z	74	PC: 12b78 \| Reallocate memory
2018-12-25T11:52:56.807132361Z	53	PC: 12b7d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:56.810120707Z	37	PC: 12b9d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:56.819433894Z	75	PC: 12c32 \| Execute program
2018-12-25T11:52:56.834537091Z	42	PC: 13349 \| Get date 0x13349: cmp dh, 0xa 0x1334c: jne 0x1335a 0x1334e: mov ah, ah 0x13350: cmp dl, 5 0x13353: jne 0x1335a 0x13355: mov dx, dx 0x13357: call 0x13518 0x1335a: mov ch, ch 0x1335c: add ah, 0 0x1335f: push cs 0x13360: pop es 0x13361: mov dh, dh 0x13363: mov si, 0x13a 0x13366: mov ch, ch 0x13368: cmp word ptr [bp + si + 1], 0x414c 0x1336d: jne 0x1337d 0x1336f: mov ah, 0xb9 0x13371: mov dx, dx 0x13373: add ah, 0 0x13376: int 0x21
2018-12-25T11:52:56.837113746Z	65	PC: 13521 \| Delete file (Filename = 'c:\RA\RA.')
2018-12-25T11:52:56.840456706Z	76	PC: 132a4 \| Terminate with return code (Return code = '3')
2018-12-25T11:52:56.843027088Z	73	PC: 12c44 \| Release memory
2018-12-25T11:52:56.844618495Z	49	PC: 12c53 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4825,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:57.252386519Z	42	PC: 12ae9 \| Get date 0x12ae9: cmp dh, 0xa 0x12aec: jne 0x12afa 0x12aee: mov ah, ah 0x12af0: cmp dl, 5 0x12af3: jne 0x12afa 0x12af5: mov dx, dx 0x12af7: call 0x12cb8 0x12afa: mov ch, ch 0x12afc: add ah, 0 0x12aff: push cs 0x12b00: pop es 0x12b01: mov dh, dh 0x12b03: mov si, 0x13a 0x12b06: mov ch, ch 0x12b08: cmp word ptr [bp + si + 1], 0x414c 0x12b0d: jne 0x12b1d 0x12b0f: mov ah, 0xb9 0x12b11: mov dx, dx 0x12b13: add ah, 0 0x12b16: int 0x21
2018-12-25T11:52:57.255541671Z	185	PC: 12b18 \| UNKNOWN!
2018-12-25T11:52:57.256865428Z	74	PC: 12b78 \| Reallocate memory
2018-12-25T11:52:57.258162678Z	53	PC: 12b7d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:57.259994882Z	37	PC: 12b9d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:57.261658904Z	75	PC: 12c32 \| Execute program
2018-12-25T11:52:57.275852017Z	42	PC: 13349 \| Get date 0x13349: cmp dh, 0xa 0x1334c: jne 0x1335a 0x1334e: mov ah, ah 0x13350: cmp dl, 5 0x13353: jne 0x1335a 0x13355: mov dx, dx 0x13357: call 0x13518 0x1335a: mov ch, ch 0x1335c: add ah, 0 0x1335f: push cs 0x13360: pop es 0x13361: mov dh, dh 0x13363: mov si, 0x13a 0x13366: mov ch, ch 0x13368: cmp word ptr [bp + si + 1], 0x414c 0x1336d: jne 0x1337d 0x1336f: mov ah, 0xb9 0x13371: mov dx, dx 0x13373: add ah, 0 0x13376: int 0x21
2018-12-25T11:52:57.277903367Z	76	PC: 132a4 \| Terminate with return code (Return code = '2')
2018-12-25T11:52:57.281331688Z	73	PC: 12c44 \| Release memory
2018-12-25T11:52:57.282574671Z	49	PC: 12c53 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4825,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:57.445043318Z	42	PC: 12ae9 \| Get date 0x12ae9: cmp dh, 0xa 0x12aec: jne 0x12afa 0x12aee: mov ah, ah 0x12af0: cmp dl, 5 0x12af3: jne 0x12afa 0x12af5: mov dx, dx 0x12af7: call 0x12cb8 0x12afa: mov ch, ch 0x12afc: add ah, 0 0x12aff: push cs 0x12b00: pop es 0x12b01: mov dh, dh 0x12b03: mov si, 0x13a 0x12b06: mov ch, ch 0x12b08: cmp word ptr [bp + si + 1], 0x414c 0x12b0d: jne 0x12b1d 0x12b0f: mov ah, 0xb9 0x12b11: mov dx, dx 0x12b13: add ah, 0 0x12b16: int 0x21
2018-12-25T11:52:57.448626667Z	185	PC: 12b18 \| UNKNOWN!
2018-12-25T11:52:57.449965169Z	74	PC: 12b78 \| Reallocate memory
2018-12-25T11:52:57.451259363Z	53	PC: 12b7d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:57.452742249Z	37	PC: 12b9d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:57.454107741Z	75	PC: 12c32 \| Execute program
2018-12-25T11:52:57.469020424Z	42	PC: 13349 \| Get date 0x13349: cmp dh, 0xa 0x1334c: jne 0x1335a 0x1334e: mov ah, ah 0x13350: cmp dl, 5 0x13353: jne 0x1335a 0x13355: mov dx, dx 0x13357: call 0x13518 0x1335a: mov ch, ch 0x1335c: add ah, 0 0x1335f: push cs 0x13360: pop es 0x13361: mov dh, dh 0x13363: mov si, 0x13a 0x13366: mov ch, ch 0x13368: cmp word ptr [bp + si + 1], 0x414c 0x1336d: jne 0x1337d 0x1336f: mov ah, 0xb9 0x13371: mov dx, dx 0x13373: add ah, 0 0x13376: int 0x21
2018-12-25T11:52:57.471721294Z	76	PC: 132a4 \| Terminate with return code (Return code = '3')
2018-12-25T11:52:57.475005167Z	73	PC: 12c44 \| Release memory
2018-12-25T11:52:57.476298574Z	49	PC: 12c53 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":5,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4825,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:57.56873719Z	42	PC: 12ae9 \| Get date 0x12ae9: cmp dh, 0xa 0x12aec: jne 0x12afa 0x12aee: mov ah, ah 0x12af0: cmp dl, 5 0x12af3: jne 0x12afa 0x12af5: mov dx, dx 0x12af7: call 0x12cb8 0x12afa: mov ch, ch 0x12afc: add ah, 0 0x12aff: push cs 0x12b00: pop es 0x12b01: mov dh, dh 0x12b03: mov si, 0x13a 0x12b06: mov ch, ch 0x12b08: cmp word ptr [bp + si + 1], 0x414c 0x12b0d: jne 0x12b1d 0x12b0f: mov ah, 0xb9 0x12b11: mov dx, dx 0x12b13: add ah, 0 0x12b16: int 0x21
2018-12-25T11:52:57.571813071Z	65	PC: 12cc1 \| Delete file (Filename = 'c:\RA\RA.')
2018-12-25T11:52:57.576108477Z	185	PC: 12b18 \| UNKNOWN!
2018-12-25T11:52:57.577762318Z	74	PC: 12b78 \| Reallocate memory
2018-12-25T11:52:57.581657087Z	53	PC: 12b7d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:57.582775803Z	37	PC: 12b9d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:57.584590815Z	75	PC: 12c32 \| Execute program
2018-12-25T11:52:57.598897503Z	42	PC: 13349 \| Get date 0x13349: cmp dh, 0xa 0x1334c: jne 0x1335a 0x1334e: mov ah, ah 0x13350: cmp dl, 5 0x13353: jne 0x1335a 0x13355: mov dx, dx 0x13357: call 0x13518 0x1335a: mov ch, ch 0x1335c: add ah, 0 0x1335f: push cs 0x13360: pop es 0x13361: mov dh, dh 0x13363: mov si, 0x13a 0x13366: mov ch, ch 0x13368: cmp word ptr [bp + si + 1], 0x414c 0x1336d: jne 0x1337d 0x1336f: mov ah, 0xb9 0x13371: mov dx, dx 0x13373: add ah, 0 0x13376: int 0x21
2018-12-25T11:52:57.601353516Z	65	PC: 13521 \| Delete file (Filename = 'c:\RA\RA.')
2018-12-25T11:52:57.605361937Z	76	PC: 132a4 \| Terminate with return code (Return code = '3')
2018-12-25T11:52:57.608107796Z	73	PC: 12c44 \| Release memory
2018-12-25T11:52:57.609998953Z	49	PC: 12c53 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4825,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:57.693579174Z	42	PC: 12ae9 \| Get date 0x12ae9: cmp dh, 0xa 0x12aec: jne 0x12afa 0x12aee: mov ah, ah 0x12af0: cmp dl, 5 0x12af3: jne 0x12afa 0x12af5: mov dx, dx 0x12af7: call 0x12cb8 0x12afa: mov ch, ch 0x12afc: add ah, 0 0x12aff: push cs 0x12b00: pop es 0x12b01: mov dh, dh 0x12b03: mov si, 0x13a 0x12b06: mov ch, ch 0x12b08: cmp word ptr [bp + si + 1], 0x414c 0x12b0d: jne 0x12b1d 0x12b0f: mov ah, 0xb9 0x12b11: mov dx, dx 0x12b13: add ah, 0 0x12b16: int 0x21
2018-12-25T11:52:57.696581609Z	185	PC: 12b18 \| UNKNOWN!
2018-12-25T11:52:57.698241625Z	74	PC: 12b78 \| Reallocate memory
2018-12-25T11:52:57.699656848Z	53	PC: 12b7d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:57.700924079Z	37	PC: 12b9d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:57.70258638Z	75	PC: 12c32 \| Execute program
2018-12-25T11:52:57.718941813Z	42	PC: 13349 \| Get date 0x13349: cmp dh, 0xa 0x1334c: jne 0x1335a 0x1334e: mov ah, ah 0x13350: cmp dl, 5 0x13353: jne 0x1335a 0x13355: mov dx, dx 0x13357: call 0x13518 0x1335a: mov ch, ch 0x1335c: add ah, 0 0x1335f: push cs 0x13360: pop es 0x13361: mov dh, dh 0x13363: mov si, 0x13a 0x13366: mov ch, ch 0x13368: cmp word ptr [bp + si + 1], 0x414c 0x1336d: jne 0x1337d 0x1336f: mov ah, 0xb9 0x13371: mov dx, dx 0x13373: add ah, 0 0x13376: int 0x21
2018-12-25T11:52:57.721797955Z	76	PC: 132a4 \| Terminate with return code (Return code = '2')
2018-12-25T11:52:57.726060405Z	73	PC: 12c44 \| Release memory
2018-12-25T11:52:57.727849679Z	49	PC: 12c53 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4825,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:57.568289458Z	42	PC: 12ae9 \| Get date 0x12ae9: cmp dh, 0xa 0x12aec: jne 0x12afa 0x12aee: mov ah, ah 0x12af0: cmp dl, 5 0x12af3: jne 0x12afa 0x12af5: mov dx, dx 0x12af7: call 0x12cb8 0x12afa: mov ch, ch 0x12afc: add ah, 0 0x12aff: push cs 0x12b00: pop es 0x12b01: mov dh, dh 0x12b03: mov si, 0x13a 0x12b06: mov ch, ch 0x12b08: cmp word ptr [bp + si + 1], 0x414c 0x12b0d: jne 0x12b1d 0x12b0f: mov ah, 0xb9 0x12b11: mov dx, dx 0x12b13: add ah, 0 0x12b16: int 0x21
2018-12-25T11:52:57.571295764Z	185	PC: 12b18 \| UNKNOWN!
2018-12-25T11:52:57.575932732Z	74	PC: 12b78 \| Reallocate memory
2018-12-25T11:52:57.578272561Z	53	PC: 12b7d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:57.580032788Z	37	PC: 12b9d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:57.581738251Z	75	PC: 12c32 \| Execute program
2018-12-25T11:52:57.597727528Z	42	PC: 13349 \| Get date 0x13349: cmp dh, 0xa 0x1334c: jne 0x1335a 0x1334e: mov ah, ah 0x13350: cmp dl, 5 0x13353: jne 0x1335a 0x13355: mov dx, dx 0x13357: call 0x13518 0x1335a: mov ch, ch 0x1335c: add ah, 0 0x1335f: push cs 0x13360: pop es 0x13361: mov dh, dh 0x13363: mov si, 0x13a 0x13366: mov ch, ch 0x13368: cmp word ptr [bp + si + 1], 0x414c 0x1336d: jne 0x1337d 0x1336f: mov ah, 0xb9 0x13371: mov dx, dx 0x13373: add ah, 0 0x13376: int 0x21
2018-12-25T11:52:57.600133248Z	76	PC: 132a4 \| Terminate with return code (Return code = '3')
2018-12-25T11:52:57.603902706Z	73	PC: 12c44 \| Release memory
2018-12-25T11:52:57.605544475Z	49	PC: 12c53 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":5,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4825,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:57.823396411Z	42	PC: 12ae9 \| Get date 0x12ae9: cmp dh, 0xa 0x12aec: jne 0x12afa 0x12aee: mov ah, ah 0x12af0: cmp dl, 5 0x12af3: jne 0x12afa 0x12af5: mov dx, dx 0x12af7: call 0x12cb8 0x12afa: mov ch, ch 0x12afc: add ah, 0 0x12aff: push cs 0x12b00: pop es 0x12b01: mov dh, dh 0x12b03: mov si, 0x13a 0x12b06: mov ch, ch 0x12b08: cmp word ptr [bp + si + 1], 0x414c 0x12b0d: jne 0x12b1d 0x12b0f: mov ah, 0xb9 0x12b11: mov dx, dx 0x12b13: add ah, 0 0x12b16: int 0x21
2018-12-25T11:52:57.82689035Z	65	PC: 12cc1 \| Delete file (Filename = 'c:\RA\RA.')
2018-12-25T11:52:57.831305365Z	185	PC: 12b18 \| UNKNOWN!
2018-12-25T11:52:57.833077043Z	74	PC: 12b78 \| Reallocate memory
2018-12-25T11:52:57.83540468Z	53	PC: 12b7d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:57.840264157Z	37	PC: 12b9d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:57.842692742Z	75	PC: 12c32 \| Execute program
2018-12-25T11:52:57.859531739Z	42	PC: 13349 \| Get date 0x13349: cmp dh, 0xa 0x1334c: jne 0x1335a 0x1334e: mov ah, ah 0x13350: cmp dl, 5 0x13353: jne 0x1335a 0x13355: mov dx, dx 0x13357: call 0x13518 0x1335a: mov ch, ch 0x1335c: add ah, 0 0x1335f: push cs 0x13360: pop es 0x13361: mov dh, dh 0x13363: mov si, 0x13a 0x13366: mov ch, ch 0x13368: cmp word ptr [bp + si + 1], 0x414c 0x1336d: jne 0x1337d 0x1336f: mov ah, 0xb9 0x13371: mov dx, dx 0x13373: add ah, 0 0x13376: int 0x21
2018-12-25T11:52:57.862355415Z	65	PC: 13521 \| Delete file (Filename = 'c:\RA\RA.')
2018-12-25T11:52:57.86717752Z	76	PC: 132a4 \| Terminate with return code (Return code = '3')
2018-12-25T11:52:57.870724473Z	73	PC: 12c44 \| Release memory
2018-12-25T11:52:57.87259972Z	49	PC: 12c53 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')